Merge remote-tracking branch 'ni/master'

krebs/3modules/tv/default.nix

@@ -78,7 +78,9 @@ with import <stockholm/lib>;
       extraZones = {
         # TODO generate krebsco.de zone from nets and don't use extraZones at all
         "krebsco.de" = ''
+          krebsco.de. 60 IN MX 5 mx23
           cd          60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
+          mx23        60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
         '';
       };
       nets = {
@@ -213,7 +215,6 @@ with import <stockholm/lib>;
     ni = {
       extraZones = {
         "krebsco.de" = ''
-          krebsco.de. 60 IN MX 5 ni
           ni          60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
           cgit        60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
           cgit.ni     60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
@@ -351,11 +352,17 @@ with import <stockholm/lib>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
     };
     xu = {
+      binary-cache = {
+        pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
+      };
       cores = 4;
       nets = {
         gg23 = {
           ip4.addr = "10.23.1.38";
-          aliases = ["xu.gg23"];
+          aliases = [
+            "cache.xu.gg23"
+            "xu.gg23"
+          ];
           ssh.port = 11423;
         };
         retiolum = {

krebs/5pkgs/builders.nix

@@ -37,7 +37,17 @@ rec {
       };
     };
 
-  writeBash = makeScriptWriter "${pkgs.bash}/bin/bash";
+  writeBash = name: text:
+    assert (with types; either absolute-pathname filename).check name;
+    pkgs.writeOut (baseNameOf name) {
+      ${optionalString (types.absolute-pathname.check name) name} = {
+        check = pkgs.writeDash "shellcheck.sh" ''
+          ${pkgs.haskellPackages.ShellCheck}/bin/shellcheck "$1" || :
+        '';
+        executable = true;
+        text = "#! ${pkgs.bash}/bin/bash\n${text}";
+      };
+    };
 
   writeBashBin = name:
     assert types.filename.check name;
@@ -91,6 +101,7 @@ rec {
 
     writers.text =
       { path
+      , check ? null
       , executable ? false
       , mode ? if executable then "0755" else "0644"
       , text
@@ -102,6 +113,9 @@ rec {
         var = "file_${hashString "sha1" path}";
         val = text;
         install = /* sh */ ''
+          ${optionalString (check != null) /* sh */ ''
+            ${check} ''$${var}Path
+          ''}
           ${pkgs.coreutils}/bin/install -m ${mode} -D ''$${var}Path $out${path}
         '';
       };

krebs/5pkgs/github-hosts-sync/default.nix

@@ -19,6 +19,7 @@ stdenv.mkDerivation {
         git
         gnugrep
         gnused
+        nettools
         openssh
         socat
       ]);

krebs/5pkgs/haskell-overrides/blessings.nix

@@ -1,11 +1,11 @@
 { mkDerivation, base, fetchgit, stdenv }:
-mkDerivation {
+mkDerivation rec {
   pname = "blessings";
-  version = "1.0.0";
+  version = "1.1.0";
   src = fetchgit {
     url = http://cgit.ni.krebsco.de/blessings;
-    rev = "25a510dcb38ea9158e9969d56eb66cb1b860ab5f";
-    sha256 = "0xg329h1y68ndg4w3m1jp38pkg3gqg7r19q70gqqj4mswb6qcrqc";
+    rev = "refs/tags/v${version}";
+    sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
   };
   libraryHaskellDepends = [ base ];
   doHaddock = false;

krebs/5pkgs/painload/default.nix

@@ -2,6 +2,6 @@
 
 fetchgit {
   url = https://github.com/krebscode/painload;
-  rev = "8df031f810a2776d8c43b03a9793cb49398bd33b";
-  sha256 = "03md5k6fmz0j1ny22iw96dzq7cvijbz24ii85i0h2dhcychdp650";
+  rev = "c113487f73713a03b1a139b22bb34b86234d0495";
+  sha256 = "1irxklnmvm8wsa70ypjahkr8rfqq7357vcy8r0x1sfncs1hy6gr6";
 }

tv/1systems/nomic.nix

@@ -15,7 +15,6 @@ with import <stockholm/lib>;
     ../2configs/nginx/public_html.nix
     ../2configs/pulse.nix
     ../2configs/retiolum.nix
-    ../2configs/wu-binary-cache/client.nix
     ../2configs/xserver
   ];
 

tv/1systems/wu.nix

@@ -16,7 +16,6 @@ with import <stockholm/lib>;
     ../2configs/nginx/public_html.nix
     ../2configs/pulse.nix
     ../2configs/retiolum.nix
-    ../2configs/wu-binary-cache
     ../2configs/xserver
     {
       environment.systemPackages = with pkgs; [

tv/1systems/xu.nix

@@ -15,7 +15,7 @@ with import <stockholm/lib>;
     ../2configs/nginx/public_html.nix
     ../2configs/pulse.nix
     ../2configs/retiolum.nix
-    ../2configs/wu-binary-cache/client.nix
+    ../2configs/binary-cache
     ../2configs/xserver
     ../2configs/xu-qemu0.nix
     {

tv/1systems/zu.nix

@@ -21,7 +21,6 @@ with import <stockholm/lib>;
     ../2configs/nginx/public_html.nix
     ../2configs/pulse.nix
     ../2configs/retiolum.nix
-    ../2configs/wu-binary-cache/client.nix
     ../2configs/xserver
     {
       environment.systemPackages = with pkgs; [

tv/2configs/backup.nix

@@ -58,6 +58,18 @@ with import <stockholm/lib>;
       dst = { host = config.krebs.hosts.xu; path = "/bku/cd-home"; };
       startAt = "07:00";
     };
+    xu-pull-ni-ejabberd = {
+      method = "pull";
+      src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; };
+      dst = { host = config.krebs.hosts.xu; path = "/bku/ni-ejabberd"; };
+      startAt = "07:00";
+    };
+    xu-pull-ni-home = {
+      method = "pull";
+      src = { host = config.krebs.hosts.ni; path = "/home"; };
+      dst = { host = config.krebs.hosts.xu; path = "/bku/ni-home"; };
+      startAt = "07:00";
+    };
     zu-home-xu = {
       method = "push";
       src = { host = config.krebs.hosts.zu; path = "/home"; };
@@ -76,6 +88,18 @@ with import <stockholm/lib>;
       dst = { host = config.krebs.hosts.zu; path = "/bku/cd-home"; };
       startAt = "06:30";
     };
+    zu-pull-ni-ejabberd = {
+      method = "pull";
+      src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; };
+      dst = { host = config.krebs.hosts.zu; path = "/bku/ni-ejabberd"; };
+      startAt = "06:00";
+    };
+    zu-pull-ni-home = {
+      method = "pull";
+      src = { host = config.krebs.hosts.ni; path = "/home"; };
+      dst = { host = config.krebs.hosts.zu; path = "/bku/ni-home"; };
+      startAt = "06:30";
+    };
   } // mapAttrs (_: recursiveUpdate {
     snapshots = {
       minutely = { format = "%Y-%m-%dT%H:%M"; retain = 3; };

tv/2configs/binary-cache/default.nix

@@ -1,22 +1,30 @@
 { config, lib, pkgs, ... }: with import <stockholm/lib>;
 {
-  services.nix-serve = assert config.krebs.build.host.name == "wu"; {
+  environment.etc."binary-cache.pubkey".text =
+    config.krebs.build.host.binary-cache.pubkey;
+
+  services.nix-serve = {
     enable = true;
-    secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+    secretKeyFile = config.krebs.secret.files.binary-cache-seckey.path;
   };
+
   systemd.services.nix-serve = {
     requires = ["secret.service"];
     after = ["secret.service"];
   };
-  krebs.secret.files.nix-serve-key = {
+
+  krebs.secret.files.binary-cache-seckey = {
     path = "/run/secret/nix-serve.key";
     owner.name = "nix-serve";
     source-path = toString <secrets> + "/nix-serve.key";
   };
+
   krebs.nginx = {
     enable = true;
     servers.nix-serve = {
-      server-names = [ "cache.wu.gg23" ];
+      server-names = [
+        "cache.${config.krebs.build.host.name}.gg23"
+      ];
       locations = singleton (nameValuePair "/" ''
         proxy_pass http://localhost:${toString config.services.nix-serve.port};
       '');

tv/2configs/default.nix

@@ -14,7 +14,7 @@ with import <stockholm/lib>;
       stockholm.file = "/home/tv/stockholm";
       nixpkgs.git = {
         url = https://github.com/NixOS/nixpkgs;
-        ref = "a6728e15cbca1d11553f01d7c3c477ae2debfd8e";
+        ref = "728a9578e31a0f78f6ad07a3a2ec706ec5290f10";
       };
     } // optionalAttrs host.secure {
       secrets-master.file = "/home/tv/secrets/master";

tv/2configs/git.nix

@@ -29,8 +29,10 @@ let
     cac-api = {
       cgit.desc = "CloudAtCost API command line interface";
     };
+    dic = {
+      cgit.desc = "dict.leo.org command line interface";
+    };
     get = {};
-    hack = {};
     load-env = {};
     loldns = {
       cgit.desc = "toy DNS server";
@@ -40,12 +42,9 @@ let
     netcup = {
       cgit.desc = "netcup command line interface";
     };
-    newsbot-js = {};
-    nixpkgs = {};
     populate = {
       cgit.desc = "source code installer";
     };
-    push = {};
     regfish = {};
     soundcloud = {
       cgit.desc = "SoundCloud command line interface";
@@ -53,8 +52,10 @@ let
     stockholm = {
       cgit.desc = "NixOS configuration";
     };
-    with-tmpdir = {};
-  } // mapAttrs (_: recursiveUpdate { cgit.section = "2. Haskell libraries"; }) {
+  } // mapAttrs (_: recursiveUpdate { cgit.section = "2. Host configurations"; }) {
+    ni = {
+    };
+  } // mapAttrs (_: recursiveUpdate { cgit.section = "3. Haskell libraries"; }) {
     blessings = {};
     mime = {};
     quipper = {};
@@ -63,12 +64,15 @@ let
     web-routes-wai-custom = {};
     xintmap = {};
     xmonad-stockholm = {};
-  } // mapAttrs (_: recursiveUpdate { cgit.section = "3. museum"; }) {
+  } // mapAttrs (_: recursiveUpdate { cgit.section = "4. museum"; }) {
     cgserver = {};
     crude-mail-setup = {};
     dot-xmonad = {};
+    make-snapshot = {};
     nixos-infest = {};
     painload = {};
+    push = {};
+    with-tmpdir = {};
   });
 
   restricted-repos = mapAttrs make-restricted-repo (

tv/2configs/wu-binary-cache/client.nix

@@ -1,7 +0,0 @@
-_:
-{
-  nix = {
-    binaryCaches = ["http://cache.wu.gg23"];
-    binaryCachePublicKeys = ["cache.wu-1:cdhA201O2R2Ect463vhJFmhpMaNyT/tOvzYvtceT9q8="];
-  };
-}

tv/5pkgs/default.nix

@@ -35,9 +35,6 @@ with import <stockholm/lib>;
     ff = pkgs.writeDashBin "ff" ''
       exec ${pkgs.firefoxWrapper}/bin/firefox "$@"
     '';
-    gnupg =
-      if elem config.krebs.build.host.name ["xu" "wu"]
-        then super.gnupg21
-        else super.gnupg;
+    gnupg = pkgs.gnupg21;
   };
 }